public virtual IObjectPermission AddObjectPermission <TSource, TargetType>(SecurityOperation operation, OperationState state, Expression <Func <TSource, TargetType, bool> > criteria) where TSource : BaseSecurityDbContext { var objectPermission = new ObjectPermission <TSource, TargetType>(operation, state, criteria); permissions.Add(objectPermission); return(objectPermission); }
public ObjectPermission(SecurityOperation operations, OperationState state, Expression <Func <TSource, TargetType, bool> > criteria) { Type = typeof(TargetType); Operations = operations; OperationState = state; Criteria = criteria; }
public virtual IMemberPermission AddMemberPermission <TSource, TargetType>(SecurityOperation operation, OperationState state, string memberName, Expression <Func <TSource, TargetType, bool> > criteria) where TSource : BaseSecurityDbContext { if (operation.HasFlag(SecurityOperation.Create)) { throw new ArgumentException("The create value of the 'operations' parameter is incorrect in this context. Only the Read and Write operations can be granted by a member permission."); } if (operation.HasFlag(SecurityOperation.Delete)) { throw new ArgumentException("The delete value of the 'operations' parameter is incorrect in this context. Only the Read and Write operations can be granted by a member permission."); } Type targetType = typeof(TargetType); PropertyInfo targetMember = targetType.GetProperty(memberName); if (targetMember == null) { throw new ArgumentException(string.Format("{0} type doesn't contain {1} property.", targetType.Name, memberName)); } var memberPermission = new MemberPermission <TSource, TargetType>(operation, state, memberName, criteria); memberPermission.Type = typeof(TargetType); memberPermission.Operations = operation; memberPermission.OperationState = state; permissions.Add(memberPermission); return(memberPermission); }
/// <summary> /// 判断权限 /// 用于判断增加权限 /// </summary> /// <param name="so">权限操作类型</param> /// <param name="formid">窗体ID</param> /// <returns></returns> public bool CheckAuth(SecurityOperation so, int formid) { bool bResult = false; //如果是超级用户则直接返回True if (IsAdmin) { bResult = true; } else { foreach (Hashtable ht in GetFormSecurity(formid)) { //增加权限,只要设置的不为None,其他的都具有 if (so == SecurityOperation.Add) { if ((SecurityOperationValue)ht[so] != SecurityOperationValue.None) { bResult = true; if (bResult) { return(bResult); } } } } } return(bResult); }
private ResultProcessOperation IsGrantedByObject(Type type, SecurityOperation operation, object targetObject) { ResultProcessOperation result = ResultProcessOperation.NotContainTargetPermissions; IEnumerable <IObjectPermission> objectPermissions = GetObjectPermissions(type).Where(p => p.Operations.HasFlag(operation)); List <bool> objectPermissionsStates = new List <bool>(); foreach (IObjectPermission objectPermission in objectPermissions) { OperationState operationState = objectPermission.OperationState; LambdaExpression criteriaExpression = objectPermission.Criteria; bool permissionResult = GetPermissionCriteriaResult(criteriaExpression, targetObject); if (permissionResult) { if (operationState == OperationState.Allow) { objectPermissionsStates.Add(true); } else { objectPermissionsStates.Add(false); } } } result = MergePermissionsStates(objectPermissionsStates); return(result); }
public bool IsGranted(Type type, SecurityOperation operation, object targetObject, string memberName) { ResultProcessOperation result = ResultProcessOperation.NotContainTargetPermissions; if (!IsSecuredType(type)) { result = ResultProcessOperation.Allow; } if (targetObject != null && !string.IsNullOrEmpty(memberName)) { result = IsGrantedByMember(type, operation, targetObject, memberName); } if (result == ResultProcessOperation.NotContainTargetPermissions && targetObject != null) { result = IsGrantedByObject(type, operation, targetObject); } if (result == ResultProcessOperation.NotContainTargetPermissions) { result = IsGrantedByType(type, operation); } if (result == ResultProcessOperation.NotContainTargetPermissions) { result = IsGrantedByOperation(operation) ? ResultProcessOperation.Allow : ResultProcessOperation.Deny; if (result == ResultProcessOperation.Deny && targetObject != null && string.IsNullOrEmpty(memberName)) { result = IsAnyMemberGranted(type, operation, targetObject); } } if (result == ResultProcessOperation.NotContainTargetPermissions) { throw new ArgumentOutOfRangeException(); } return((result == ResultProcessOperation.Allow) ? true : false); }
private ResultProcessOperation IsGrantedByMember(Type type, SecurityOperation operation, object targetObject, string memberName) { ResultProcessOperation result; var memberPermissions = GetMemberPermissions(type).Where(p => p.Operations.HasFlag(operation)); List <bool> memberPermissionsStates = new List <bool>(); foreach (IMemberPermission memberPermission in memberPermissions) { string currentMemberName = memberPermission.GetType().GetProperty("MemberName").GetValue(memberPermission, null) as string; if (memberName != currentMemberName) { continue; } OperationState operationState = memberPermission.OperationState; LambdaExpression criteriaExpression = memberPermission.Criteria; bool permissionResult = GetPermissionCriteriaResult(criteriaExpression, targetObject); if (permissionResult) { if (operationState == OperationState.Allow) { memberPermissionsStates.Add(true); } else { memberPermissionsStates.Add(false); } } } result = MergePermissionsStates(memberPermissionsStates); return(result); }
public PermissionSet GetObjectDefPermissions(Guid objectId, SecurityOperation operation) { var cached = ObjectDefPermissionCache.Find(objectId); if (cached != null) { return(cached.CachedObject); } IQueryable <Guid> permissions; var edc = DataContext.GetEntityDataContext(); if (operation == SecurityOperation.Access) { permissions = edc.Entities.Permission_Defs.Include("Permissions") .Where(d => d.Def_Id == objectId && (d.Access_Type == null || d.Access_Type == 0) && (d.Permission.Deleted == null || d.Permission.Deleted == false)) .Select(d => d.Permission_Id); } else { var op = (int)operation; permissions = edc.Entities.Permission_Defs.Include("Permissions") .Where(d => d.Def_Id == objectId && d.Access_Type == op && (d.Permission.Deleted == null || d.Permission.Deleted == false)) .Select(d => d.Permission_Id); } var permissionSet = new PermissionSet(permissions); ObjectDefPermissionCache.Add(permissionSet, objectId); return(permissionSet); }
public MemberPermission(SecurityOperation operations, OperationState operationState, string memberName, Expression <Func <TSource, TargetType, bool> > criteria) { Type = typeof(TargetType); Operations = operations; OperationState = operationState; MemberName = memberName; Criteria = criteria; }
public static void AddOnePermission(SecurityDbContext securityDbContext, SecurityOperation operation) { securityDbContext.PermissionsContainer.SetPermissionPolicy(PermissionPolicy.DenyAllByDefault); Expression <Func <DbContextMultiClass, DbContextObject1, bool> > criteria = (db, obj) => obj.Description.StartsWith("Description"); foreach (SecurityOperation securityOperation in GetSecurityOperations()) { securityDbContext.PermissionsContainer.AddObjectPermission(securityOperation, OperationState.Allow, criteria); } }
public virtual IObjectPermission AddObjectPermission <TSource, TargetType>(SecurityOperation operation, OperationState state, Expression <Func <TSource, TargetType, bool> > criteria) where TSource : BaseSecurityDbContext { SecurityObjectPermission objectPermission = new SecurityObjectPermission(); objectPermission.Type = typeof(TargetType); objectPermission.Criteria = criteria; objectPermission.Operations = operation; objectPermission.OperationState = state; this.ObjectPermissions.Add(objectPermission); return(objectPermission); }
public virtual ITypePermission SetTypePermission(Type type, SecurityOperation operation, OperationState state) { TypePermission typePermission = FindFirstTypePermission(type); if (typePermission == null) { typePermission = new TypePermission(type); permissions.Add(typePermission); } typePermission.Operations = operation; typePermission.OperationState = state; return(typePermission); }
private bool IsGrantedByOperation(SecurityOperation operation) { bool result; IEnumerable <IPolicyPermission> operationPermissions = permissionsProvider.GetPermissions().OfType <IPolicyPermission>(); if (operationPermissions.Count() != 0) { result = operationPermissions.Any(p => p.Operations.HasFlag(operation)); } else { result = DefaultOperationsAllow.HasFlag(operation); } return(result); }
public void SecurityValidator_DisallowsOperationOnNoteVote_WrongParticipant(SecurityOperation securityOperation) { // Given Retrospective retro = GetRetrospectiveInStage(RetrospectiveStage.Voting); var noteVote = new NoteVote { ParticipantId = 1 }; this._currentParticipantService.SetParticipant(new CurrentParticipantModel(2, String.Empty, false)); // When TestDelegate action = () => this._securityValidator.EnsureOperation(retro, securityOperation, noteVote).GetAwaiter().GetResult(); // Then Assert.That(action, Throws.InstanceOf <OperationSecurityException>()); }
public void SecurityValidator_AllowsOperationOnNote_IsFacilitator(SecurityOperation securityOperation) { // Given Retrospective retro = GetRetrospectiveInStage(RetrospectiveStage.Grouping); var noteGroup = new NoteGroup { Title = "G" }; this._currentParticipantService.SetParticipant(new CurrentParticipantModel(212, String.Empty, true)); // When TestDelegate action = () => this._securityValidator.EnsureOperation(retro, securityOperation, noteGroup).GetAwaiter().GetResult(); // Then Assert.That(action, Throws.Nothing); }
public void SecurityValidator_AllowsOperationOnNote_CorrectParticipant(SecurityOperation securityOperation) { // Given Retrospective retro = GetRetrospectiveInStage(RetrospectiveStage.Writing); var note = new Note { ParticipantId = 212 }; this._currentParticipantService.SetParticipant(new CurrentParticipantModel(212, String.Empty, false)); // When TestDelegate action = () => this._securityValidator.EnsureOperation(retro, securityOperation, note).GetAwaiter().GetResult(); // Then Assert.That(action, Throws.Nothing); }
public virtual IMemberPermission AddMemberPermission <TSource, TargetType>(SecurityOperation operation, OperationState state, string memberName, Expression <Func <TSource, TargetType, bool> > criteria) where TSource : BaseSecurityDbContext { if (operation.HasFlag(SecurityOperation.Create)) { throw new ArgumentException("The create value of the 'operations' parameter is incorrect in this context. Only the Read and Write operations can be granted by a member permission."); } if (operation.HasFlag(SecurityOperation.Delete)) { throw new ArgumentException("The delete value of the 'operations' parameter is incorrect in this context. Only the Read and Write operations can be granted by a member permission."); } SecurityMemberPermission memberPermission = new SecurityMemberPermission(); memberPermission.Type = typeof(TargetType); memberPermission.Criteria = criteria; memberPermission.Operations = operation; memberPermission.OperationState = state; memberPermission.MemberName = memberName; this.MemberPermissions.Add(memberPermission); return(memberPermission); }
public async ValueTask EnsureOperation(Session session, SecurityOperation operation, object entity) { if (session == null) { throw new ArgumentNullException(nameof(session)); } if (entity == null) { throw new ArgumentNullException(nameof(entity)); } CurrentParticipantModel participant = await this.GetAuthenticatedParticipant(operation, entity.GetType()); if (operation == SecurityOperation.AddOrUpdate || operation == SecurityOperation.Delete) { this.EnsureOperationSecurity(operation, entity, participant); } this.InvokeTypeSecurityChecks(operation, session, participant, entity); }
private ResultProcessOperation IsAnyMemberGranted(Type type, SecurityOperation operation, object targetObject) { ResultProcessOperation result = ResultProcessOperation.Deny; IEntityType entityType = securityDbContext.RealDbContext.Model.FindEntityType(targetObject.GetType()); IEnumerable <INavigation> navigationPropertys = entityType.GetNavigations(); foreach (var property in targetObject.GetType().GetTypeInfo().DeclaredProperties) { if (property.GetGetMethod().IsStatic || navigationPropertys.Any(p => p.Name == property.Name)) { continue; } string propertyName = property.Name; IProperty propertyMetadata = securityDbContext.RealDbContext.Entry(targetObject).Metadata.GetProperties().FirstOrDefault(p => p.Name == propertyName); if (propertyMetadata == null || propertyMetadata.IsKey()) { continue; } bool isGranted = IsGranted(targetObject.GetType(), operation, targetObject, propertyName); if (isGranted) { result = ResultProcessOperation.Allow; break; } } if (result == ResultProcessOperation.Deny) { foreach (INavigation navigationProperty in navigationPropertys) { bool isGranted = IsGranted(targetObject.GetType(), operation, targetObject, navigationProperty.Name); if (isGranted) { result = ResultProcessOperation.Allow; break; } } } return(result); }
private ResultProcessOperation IsGrantedByType(Type type, SecurityOperation operation) { ResultProcessOperation result; IEnumerable <ITypePermission> typePermissions = GetTypePermissions(type).Where(p => p.Operations.HasFlag(operation)); if (typePermissions.Count() != 0) { if (AllowPermissionsPriority) { result = typePermissions.Any(p => p.OperationState == OperationState.Allow) ? ResultProcessOperation.Allow : ResultProcessOperation.Deny; } else { result = typePermissions.Any(p => p.OperationState == OperationState.Deny) ? ResultProcessOperation.Deny : ResultProcessOperation.Allow; } } else { result = ResultProcessOperation.NotContainTargetPermissions; } return(result); }
public static ITypePermission SetTypePermission <T>(this IPermissionsContainer PermissionsContainer, SecurityOperation operation, OperationState state) where T : class { return(PermissionsContainer.SetTypePermission(typeof(T), operation, state)); }
/// <summary> /// 判断权限 /// 用于判断查询,修改,删除,打印权限 /// </summary> /// <param name="so">权限操作类型</param> /// <param name="formid">窗体ID</param> /// <param name="suserid">制单人</param> /// <returns></returns> public bool CheckAuth(SecurityOperation so, int formid, string suserid) { bool bResult = false; //如果是超级用户则直接返回True if (IsAdmin) { bResult = true; } else if (suserid == "") { bResult = true; } else { foreach (Hashtable ht in GetFormSecurity(formid)) { switch ((SecurityOperationValue)ht[so]) { case SecurityOperationValue.None: { bResult = false; break; } case SecurityOperationValue.Self: { bResult = CurrentUserID.ToLower() == suserid.ToLower(); if (bResult) { return bResult; } break; } case SecurityOperationValue.Underling: { bResult = GetUserUnderlingStr.ToLower().Contains(suserid.ToLower()); if (bResult) { return bResult; } break; } case SecurityOperationValue.SelfAndUnderling: { bResult = GetUserSelfAndUnderlingStr.ToLower().Contains(suserid.ToLower()); if (bResult) { return bResult; } break; } case SecurityOperationValue.Department: { bResult = GetUserDeptStr.ToLower().Contains(suserid.ToLower()); if (bResult) { return bResult; } break; } case SecurityOperationValue.DeptUnderling: { bResult = GetUserUnderDeptStr.ToLower().Contains(suserid.ToLower()); if (bResult) { return bResult; } break; } case SecurityOperationValue.DepartmentAndUnderling: { bResult = GetUserDeptAndUnderDeptStr.ToLower().Contains(suserid.ToLower()); if (bResult) { return bResult; } break; } case SecurityOperationValue.All: { bResult = true; if (bResult) { return bResult; } break; } default: { bResult = false; break; } } } } return bResult; }
/// <summary> /// 判断权限 /// 用于判断增加,单价,数量,属性,导出权限 /// </summary> /// <param name="so">权限操作类型</param> /// <param name="formid">窗体ID</param> /// <returns></returns> public bool CheckAuth(SecurityOperation so, int formid) { bool bResult = false; //如果是超级用户则直接返回True if (IsAdmin) { bResult = true; } else { foreach (Hashtable ht in GetFormSecurity(formid)) { //增加,单价,数量,属性,导出权限,只要设置的不为None,其他的都具有 if (so == SecurityOperation.Add || so == SecurityOperation.Num || so == SecurityOperation.Price || so == SecurityOperation.Property || so == SecurityOperation.OutPut) { if ((SecurityOperationValue)ht[so] != SecurityOperationValue.None) { bResult = true; if (bResult) { return bResult; } } } } } return bResult; }
public static void AddMultiplePermissions(SecurityDbContext securityDbContext, SecurityOperation operation) { securityDbContext.PermissionsContainer.SetPermissionPolicy(PermissionPolicy.DenyAllByDefault); Expression <Func <DbContextMultiClass, DbContextObject1, bool> > criteria1 = (db, obj) => obj.Description.StartsWith("Description"); Expression <Func <DbContextMultiClass, DbContextObject1, bool> > criteria2 = (db, obj) => obj.Description.Length > 2; Expression <Func <DbContextMultiClass, DbContextObject1, bool> > criteria3 = (db, obj) => !obj.Description.Contains("SomeBadPhrase");; foreach (SecurityOperation securityOperation in GetSecurityOperations()) { securityDbContext.PermissionsContainer.AddObjectPermission(securityOperation, OperationState.Allow, criteria1); securityDbContext.PermissionsContainer.AddObjectPermission(securityOperation, OperationState.Allow, criteria2); securityDbContext.PermissionsContainer.AddObjectPermission(securityOperation, OperationState.Allow, criteria3); } }
public static void AddOneCollectionPermission(SecurityDbContext securityDbContext, SecurityOperation operation) { securityDbContext.PermissionsContainer.SetPermissionPolicy(PermissionPolicy.DenyAllByDefault); Expression <Func <DbContextConnectionClass, Company, bool> > companyCriteria = (db, obj) => obj.Description.StartsWith("Description"); foreach (SecurityOperation securityOperation in GetSecurityOperations()) { securityDbContext.PermissionsContainer.AddObjectPermission(securityOperation, OperationState.Allow, companyCriteria); } Expression <Func <DbContextConnectionClass, Office, bool> > officeCriteria = (db, obj) => obj.Description.StartsWith("Description"); foreach (SecurityOperation securityOperation in GetSecurityOperations()) { securityDbContext.PermissionsContainer.AddObjectPermission(securityOperation, OperationState.Allow, officeCriteria); } Expression <Func <DbContextConnectionClass, Company, bool> > memberOfficeCriteria = (db, obj) => obj.Description.StartsWith("Description"); foreach (SecurityOperation securityOperation in GetMembersSecurityOperations()) { securityDbContext.PermissionsContainer.AddMemberPermission(securityOperation, OperationState.Allow, "Offices", memberOfficeCriteria); } }
public static bool IsGranted(this IPermissionProcessor processor, Type type, SecurityOperation operation) { return(processor.IsGranted(type, operation, null, "")); }
public static void HandleOperation(SecurityOperation operation, Retrospective retrospective, object entity, in CurrentParticipantModel currentParticipant)
public void SecurityValidator_DisallowsOperationOnNote_UnauthenticatedParticipant(SecurityOperation securityOperation) { // Given Retrospective retro = GetRetrospectiveInStage(RetrospectiveStage.Writing); var note = new Note { ParticipantId = 1 }; this._currentParticipantService.Reset(); Assume.That(this._currentParticipantService.GetParticipant().Result, Is.EqualTo(default(CurrentParticipantModel))); // When TestDelegate action = () => this._securityValidator.EnsureOperation(retro, securityOperation, note).GetAwaiter().GetResult(); // Then Assert.That(action, Throws.InstanceOf <OperationSecurityException>()); }
public PolicyPermission([NotNull] SecurityOperation operations) { Operations = operations; }
/// <summary> /// 判断权限 /// 用于判断查询,修改,删除,打印权限 /// </summary> /// <param name="so">权限操作类型</param> /// <param name="formid">窗体ID</param> /// <param name="lano">制单人</param> /// <returns></returns> public bool CheckAuth(SecurityOperation so, int formid, string suserid) { bool bResult = false; //如果是超级用户则直接返回True if (IsAdmin) { bResult = true; } else if (suserid == "") { bResult = true; } else { foreach (Hashtable ht in GetFormSecurity(formid)) { ////增加权限,只要设置的不为None,其他的都具有 //if (so == SecurityOperation.Add) //{ // if ((SecurityOperationValue)GetFormSecurity(formid)[so] != SecurityOperationValue.None) // { // bResult = true; // } //} //else //{ switch ((SecurityOperationValue)ht[so]) { case SecurityOperationValue.None: { bResult = false; break; } case SecurityOperationValue.Self: { bResult = CurrentUserID.ToLower() == suserid.ToLower(); if (bResult) { return(bResult); } break; } case SecurityOperationValue.Underling: { bResult = GetUserUnderlingStr.ToLower().Contains(suserid.ToLower()); if (bResult) { return(bResult); } break; } case SecurityOperationValue.SelfAndUnderling: { bResult = GetUserSelfAndUnderlingStr.ToLower().Contains(suserid.ToLower()); if (bResult) { return(bResult); } break; } case SecurityOperationValue.Department: { bResult = GetUserDeptStr.ToLower().Contains(suserid.ToLower()); if (bResult) { return(bResult); } break; } case SecurityOperationValue.All: { bResult = true; if (bResult) { return(bResult); } break; } default: { bResult = false; break; } } } } return(bResult); }
private async ValueTask <CurrentParticipantModel> GetAuthenticatedParticipant(SecurityOperation operation, Type entityType) { CurrentParticipantModel participant = await this._currentParticipantService.GetParticipant();
public static bool IsGranted(this IPermissionProcessor processor, Type type, SecurityOperation operation, object targetObject) { return(processor.IsGranted(type, operation, targetObject, "")); }